DETAILED ACTION

Response to Amendment 

Status of the instant application: 

• Claims 1, 15, 22, 35 are currently amended in the instant application.

• Claims 2 - 10, 19, 20, 23, 33, 36, 38 are original in the instant application.

• Claims 11-14, 16-18, 21, 24-29, 31, 39 - 40 are cancelled in the instant
application.

• Claims 30, 32, 34 are previously presented in the instant application. 

Response to Arguments 

Applicant's arguments and remarks filed 01/30/2009 have been fully considered and
have been found to be not persuasive. Please see the examiner's response to
applicant's arguments and the corresponding office action below.



Examiner's response to applicant's arguments:

Applicant states: "Applicants disagree with the Examiner's assertion on page 4 of the action that 
paragraph 36 of Lutz teaches "storing first data on the client in response to the received first 
request, said first data identifying the first service wherein the authentication of the user by the 
first service is optional" and "allowing the user to access the first service without authenticating" 
as recited in claim 1." 

• The examiner respectfully disagrees with applicant's logic and reasoning. The
examiner points to paragraph: 0041 and notes specifically that the user
sends a request called "HTTP GET" to get access to management services (i.e.
applicant's second service); the user doesn't need to submit any authentication
data for management resources, please see RFC 2616. With this said, if the
user wants access to more advanced personalized services (i.e. applicant's first
service), then the user can optionally provide authentication data to the service
provider.



Applicant states: "However, before the network management service selected by the user is 
executed, the user must enter "network specific authentication information which is required to 
perform the network management service." (Page 4, [0043]; page 7, [0074]). Therefore, Lutz,
alone or in combination with the other cited art, fails to teach or disclose "allowing the user to
access the first service without authenticating" as recited in claim 1."



• The examiner respectfully disagrees with applicant's logic and reasoning. The
examiner points to paragraph: 0041 and notes specifically that the user
sends a request called "HTTP GET" to get access to management services (i.e.
applicant's second service); the user doesn't need to submit any authentication
data for management resources, please see RFC 2616. With this said, if the
user wants access to more advanced personalized services (i.e. applicant's first
service), then the user can optionally provide authentication data to the service
provider.



Applicant states: "In other words the client does not store information identifying the requested
service, instead the client sends information identifying the requested service to the service
provider."



• The examiner respectfully disagrees with applicant's logic and reasoning. The
examiner points to paragraph: 0041 and notes that it is obvious that the
service or applet (i.e. first data) that the user requested is sent from the service
provider to the user, i.e. for the user to interact with (i.e. analyzer selection
page), which is applicant's "first data."



Applicant states: "For example, Lutz may disclose that a list of services is provided to the user, 
but Lutz fails to teach storing first data identifying the first requested service as recited in claim 
22." 

• The examiner respectfully disagrees with applicant's logic and reasoning. The
examiner points to paragraph: 0041 and notes that it is obvious that the
service or applet (i.e. first data) that the user requested is sent from the service
provider to the user, i.e. for the user to interact with (i.e. analyzer selection
page), which is applicant's "first data."



Applicant states: "However, in this rejection, neither the element of receiving a 
second request from the second network server to provide the second service to the user 
wherein authentication of the user by the second service is optional and wherein the user is
not authenticated for the second service, nor the result of if the second service is not
associated with the first policy group identified by the stored first data... allowing the
unauthenticated user to access the second service during which the user continues to be
unauthenticated for the second service is found in the combined art."



• The examiner respectfully disagrees with applicant's logic and reasoning. The
examiner points to paragraph: 0041 and notes specifically that the user
sends a request called "HTTP GET" to get access to management services (i.e.
applicant's second service); the user doesn't need to submit any authentication
data for management resources, please see RFC 2616. With this said, if the
user wants access to more advanced personalized services (i.e. applicant's first
service), then the user can optionally provide authentication data to the service
provider.



Applicant states: "However, in this rejection, neither the element of storing first data 
on the client in response to the received first request, said first data identifying the first 
service wherein authentication of the user by the first service is optional and wherein the 
user is not authenticated for the first service and not authenticated for the second service 
when the first data is stored nor the result of authenticating, in response to the 
authentication of the user for the second request, the user for the first service identified in 
the stored first data wherein, in response to the authentication of the user for the first 
service, the generated authentication ticket and profile information is communicated to the 
first service is found in the combined art."



• The examiner respectfully disagrees with applicant's logic and reasoning. The
examiner points to paragraph: 0041 and notes specifically that the user
sends a request called "HTTP GET" to get access to management services (i.e.
applicant's second service); the user doesn't need to submit any authentication
data for management resources, please see RFC 2616. With this said, if the
user wants access to more advanced personalized services (i.e. applicant's first
service), then the user can optionally provide authentication data to the service
provider.



Applicant states: "Applicants wish to expedite prosecution of this application. If the Examiner 
deems the application to not be in condition for allowance, the Examiner is invited and 
encouraged to telephone the undersigned to discuss making an Examiner's amendment to 
place the application in condition for allowance."

• The examiner points to applicant's claims and applicant's
specification. The examiner notes to applicant that, in the
interests of moving prosecution forward in the application,
and to overcome the examiner's current prior art rejection,
the examiner suggests the following be amended in all the
independent claims: claim 20; also the language of
paragraph: 0020, specifically dealing with the central server,
first policy group and second policy group, and a database
containing the first policy and second policy that is coupled
to the central server; also paragraph: 0043, the 64 bit PUID
that is encrypted; also in paragraph: 0073, after the user is
authenticated by the central server, the user is only allowed
to use the requested service for a predefined window of
time. Applicant must also understand that any amendments
to the claims will require further reconsideration and search
at any future prosecution in the application.



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms 
the basis for all obviousness rejections set forth in this Office 
action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention
was made. 

Claim(s) 1 - 10, 15, 19, 20, 22, 23, 30, 32 - 34 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Venkataramappa 
(US 2003/0188193 A1) in view of Zhang et al. (US 7036142 B1)
further in view of Lutz (US Patent No. 2003/0204579 A1). 

Both Venkataramappa and Zhang are references cited in the 
applicant's Information Disclosure Statement.

Venkataramappa discloses a client that requests services from a 
first network server and a second network server and any 
subsequent network server in the network, Paragraph: 0054 & 
0059 & 0060 & 0061. The client is authenticated by a first
network server, the first network server sends a request to the 
KDC (i.e. central server) server, Paragraph: 0055. The KDC is 
made up of a Kerberos authentication server and a TGS (ticket 
granting service), Paragraph: 0053. The KDC allows the user or 
client to sign on only once, without having to sign on multiple 
times, the TGT and SSO token allows the second server or other 
servers to recognize which client or user has been authenticated 
before, Paragraph: 0057 & 0058 & 0059, and will not request that 
the user sign on again when requesting service or content from 
other or different servers on the network, Paragraphs: 0054 & 
0067. 

Venkataramappa does not appear to explicitly disclose first and 
second servers are in different domains or storing first data on the 
client in response to the received first request, said first data 
identifying the first service wherein the authentication of the user 
by the first service is optional; also, Venkataramappa doesn't
disclose allowing the user to access the first service without
authenticating the user.

However, Zhang discloses single sign on users or subscribers to
access both public and private domains (i.e. different domains
and different domain content servers) when requesting content or
service for the network server, Col 5, lines 30 - 51.



Further, Lutz discloses storing first data (i.e. the service
provider's HTTP response analyzer selection page) on the client in
response to the received first request, said first data identifying
the first service wherein the authentication of the user by the first
service is optional (Paragraph: 0041); Lutz also discloses
allowing the user to access the first service without authenticating
the user (Paragraph: 0041). The examiner further notes that in
paragraph: 0041, specifically, the user sends
a request called "HTTP GET" to get access to management
services (i.e. applicant's first service) which doesn't require an
authentication ticket or user profile information; the user doesn't
need to submit any authentication data for management
resources. With this said, if the user wants access to more
advanced personalized services (i.e. applicant's second service),
then the user can optionally provide authentication data (i.e.
applicant's authentication ticket and profile information) to the service
provider.



Venkataramappa and Zhang and Lutz are analogous art because 
they are from the "same field of endeavor," allow a user to be 
authenticated and access multiple content servers. 

At the time of the invention, it would have been obvious to one of 
ordinary skill in the art, having the teachings of Venkataramappa 
and Zhang before him or her, to modify a client that requests 
services from a first network server and a second network server
and any subsequent network server in the network, Paragraph:
0054 & 0059 & 0060 & 0061. The client is authenticated by a first
network server, the first network server sends a request to the
KDC (i.e. central server) server, Paragraph: 0055. The KDC is
made up of an authentication server and a TGS (ticket granting
service), Paragraph: 0053. The KDC allows the user or client to 
sign on only once, without having to sign on multiple times, the 
TGT and SSO token allows the server or servers to recognize 
which client or user has been authenticated before, Paragraph: 
0057 & 0058 & 0059 and will not request that the user sign on 
again, Paragraph 0054 & 0067 of Venkataramappa to include the 
authentication to access multiple domains, Col 5, lines 30 - 51 of 
Zhang, further to include the optional user authentication by the 
first server of Lutz, paragraph: 0041.

The suggestion/motivation for doing so would have been to allow
a user to sign on once and be allowed access to multiple servers in
multiple domains without having to re-authenticate again,
Paragraph: 0074 of Lutz; please also see KSR v. Teleflex, 127
S.Ct. 1727, 1740, 82 USPQ2d 1385, 1396 (2007).

Therefore it would have been obvious to combine 
Venkataramappa with Zhang, further combine Lutz to obtain the 
invention as specified in the instant claim(s). 



Claim(s) 35 - 38 are rejected under 35 USC 103 (a) as being 
obvious over Venkataramappa (US 2003/0188193 A1) in view of
Stanko (US PGPUB# 20050074126) further in view of Lutz (US 
Patent No. 2003/0204579 A1). 

Both Venkataramappa and Stanko are references cited in the
applicant's Information Disclosure Statement.

Venkataramappa discloses a client that requests services from a 
first network server and a second network server and any 
subsequent network server in the network, Paragraph: 0054 & 
0059 & 0060 & 0061. The client is authenticated by a first network
server, the first network server sends a request to the KDC (i.e. 
central server) server, Paragraph: 0055. The KDC is made up of a 
Kerberos authentication server and a TGS (ticket granting 
service), Paragraph: 0053. The KDC allows the user or client to 
sign on only once, without having to sign on multiple times, the 
TGT and SSO token allows the second server or other servers to 
recognize which client or user has been authenticated before, 
Paragraph: 0057 & 0058 & 0059, and will not request that the 
user sign on again when requesting service or content from other
or different servers on the network, Paragraphs: 0054 & 0067. 

Venkataramappa does not appear to explicitly disclose a 
computer readable medium that executes a client that requests 
services from a first network server and a second network server 
and any subsequent network server in the network, the client is 
authenticated by a first network server, the first network server 
sends a request to the KDC (i.e. central server) server 
which is made up of a Kerberos authentication server and a TGS 
(ticket granting service), the KDC allows the user or client to sign 
on only once, without having to sign on multiple times, the TGT 
and SSO token allows the server or servers to recognize which 
client or user has been authenticated before, and will not request 
that the user sign on again, further Venkataramappa doesn't 
disclose a response component for storing first data on the client 
in response to the received first request, said first data identifying 
the first service wherein the authentication of the user by the first 
service is optional. 

However, Stanko discloses a computer readable medium that
allows a user through a client machine to be authenticated by an
authentication server for access to a secure server that will
provide content to the client or user's request, Paragraph: 0042 &
0078. The user will only have to be authenticated once by the
authentication server, to be allowed access to other secured
servers on the network, Paragraph: 0050. This is possible by the
fact that an authentication ticket is stored on both the client and
the authentication server to which other secured servers have
access on the network, Paragraph: 0048 & 0049 & 0050.



Further, Lutz discloses storing first data (i.e. the service
provider's HTTP response analyzer selection page) on the client in
response to the received first request, said first data identifying
the first service wherein the authentication of the user by the first
service is optional (Paragraph: 0041); Lutz also discloses
allowing the user to access the first service without authenticating
the user (Paragraph: 0041).



Venkataramappa and Stanko and Lutz are analogous art because 
they are from the "same field of endeavor," which is the field of 
authenticating a user or client once, with a proof of the 
authentication stored on the client and the content server and the 
authentication authority, which will allow the user or client 
subsequent access to plurality of other content servers on the 
network without having to be re-authenticated again. 

At the time of the invention, it would have been obvious to one of 
ordinary skill in the art, having the teachings of Venkataramappa 
and Stanko before him or her, to modify a client that requests 
services from a first network server and a second network server 
and any subsequent network server in the network, Paragraph:
0054 & 0059 & 0060 & 0061. The client is authenticated by a first
network server, the first network server sends a request to the 
KDC (i.e. central server) server, Paragraph: 0055. The KDC is 
made up of a Kerberos authentication server and a TGS (ticket 
granting service), Paragraph: 0053. The KDC allows the 
user or client to sign on only once, without having to sign on 
multiple times, the TGT and SSO token allows the second server 
or other servers to recognize which client or user has been 
authenticated before, Paragraph: 0057 & 0058 & 0059, and will 
not request that the user sign on again when requesting service 
or content from other or different servers on the network,
Paragraphs: 0054 & 0067 of Venkataramappa to include a 
computer readable medium that allows a user through a client 
machine to be authenticated by an authentication server for 
access to a secure server that will provide content to the client or 
users request, Paragraph: 0042 & 0078. The user will only have 
to be authenticated once by the authentication server, to be 
allowed access to other secured servers on the network, 
Paragraph: 0050. This is possible by the fact that an authentication
ticket is stored on both the client and the authentication server,
Paragraph: 0048 & 0049 & 0050 of Stanko, further to include the 
optional user authentication by the first server of Lutz, paragraph: 
0041. 

The suggestion/motivation for doing so would have been allowing 
a user or client to access a vast array of information or content 
from a variety of sources in a network without having to 
authenticate numerous times when the user wants to request 
another service from a different content or service provider on the 
network, Paragraphs: 0074 of Lutz, also please see KSR v. 
Teleflex, 127 S.Ct. 1727, 1740, 82 USPQ2d 1385, 1396 (2007).

Therefore it would have been obvious to combine Stanko with
Venkataramappa and further combined with Lutz to obtain the
invention as specified in the instant claim(s).

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DANT B. SHAIFER HARRIMAN whose telephone 
number is (571)272-7910. The examiner can normally be reached on Monday - 
Thursday: 8:00am - 5:30pm Alt. Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
USPTO Customer Service Representative or access to the automated information
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

04/04/2009 

/Dant B Shaifer - Harriman / 
Examiner, Art Unit 2434 



/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



